LiteFi Limited Privacy Policy

LiteFi Limited

9A, Hospital Road, Gbagada, Lagos

📞 +234 810 837 6447

🌐 LiteFi.ng

✉️ dpo@litefi.ng

Effective Date: January 1, 2025

1. Introduction

Welcome to LiteFi Limited. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our lending and credit services. Your privacy is important to us. We are committed to safeguarding your personal information and handling it with care and transparency.

This policy applies to all personal data collected through our website (litefi.ng), mobile applications, physical application forms, and any other means through which you interact with LiteFi Limited. We operate in Nigeria and are committed to complying with the Nigeria Data Protection Act (NDPA) 2023, the Lagos State Money Lenders Law, and other relevant Nigerian laws and regulations. As privacy expert Daniel J. Solove noted, "Privacy is not about having something to hide. It is about having something to protect." For LiteFi, that protection underpins our operations.

2. Scope and Application

This policy applies to all personal data processed by LiteFi Limited, regardless of the method or location of collection and storage. This includes, but is not limited to, data relating to our past, present, and prospective clients, employees, contractors, suppliers, and any other individuals whose personal data we handle. Every member of staff, contractor, and third party working with or on behalf of LiteFi Limited must strictly adhere to the provisions of this policy.

The NDPA 2023, as clarified by the GAID 2025, applies extraterritorially: it protects the personal data of individuals within Nigeria, of individuals whose data has been transferred to Nigeria or is in transit through Nigeria, and, under certain conditions, of Nigerian citizens abroad.

3. Data Protection Principles

LiteFi Limited upholds the core principles for processing personal data as stipulated in the NDPA 2023. These principles guide all our data handling practices:

3.1 Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. This involves clearly identifying a valid lawful basis for processing, such as the data subject's consent, contractual necessity, legal obligation, vital interests, public task, or our legitimate interests, and ensuring the data subject is fully informed. We ensure consent is freely given, specific, informed, and unambiguous, without relying on silence or inactivity.

3.2 Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes. We do not process data in a manner incompatible with the original stated purposes. For example, personal information gathered for a service agreement will not be used for unrelated marketing without explicit and separate consent.

3.3 Data Minimisation

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. Our processes are designed to avoid the collection of excessive or irrelevant data.

3.4 Accuracy

We strive to ensure personal data is accurate, complete, non-misleading, and kept up-to-date. We implement mechanisms for individuals to correct or update their information and promptly rectify or erase inaccurate data upon discovery or notification.

3.5 Storage Limitation

Personal data is not retained for longer than necessary to fulfill the purposes for which it was collected or as required by law. Our data retention schedules are regularly reviewed to ensure compliance with this principle. The GAID 2025 suggests a default deletion within six months after fulfilling the original purpose if no time-bound obligation exists.

3.6 Integrity and Confidentiality (Security)

We process personal data in a manner that ensures appropriate security against unauthorised or unlawful processing and against accidental loss, destruction, or damage. This is achieved through robust technical and organisational measures, protecting data availability, confidentiality, and integrity.

3.7 Accountability

LiteFi Limited is responsible for demonstrating compliance with the NDPA principles. We maintain records of our data processing activities, implement data protection by design and default, and conduct Data Protection Impact Assessments (DPIAs) where processing is likely to result in a high risk to data subjects' rights and freedoms.

4. Individual Rights (Data Subject Rights)

Under the NDPA 2023, individuals have enhanced rights regarding their personal data. LiteFi Limited fully supports and facilitates the exercise of these rights:

4.1 Right to be Informed

Individuals have the right to be informed about the collection and use of their personal data. Our privacy notices are designed to be clear, concise, and easily accessible, providing all required information as per NDPA Section 27.

4.2 Right of Access (Subject Access Request - SAR)

Individuals can request confirmation of whether their personal data is being processed, and if so, access to that data and related information about the processing purposes, categories of data, recipients, retention periods, and source. We will respond to SARs promptly, typically within one month.

4.3 Right to Rectification

Individuals have the right to request the correction of inaccurate or incomplete personal data. We will rectify data without undue delay upon verification.

4.4 Right to Erasure (Right to be Forgotten)

Individuals can request the deletion or removal of their personal data where there is no compelling reason for its continued processing. This applies in specific situations, such as when data is no longer necessary for its original purpose or consent is withdrawn.

4.5 Right to Restrict Processing

Individuals have the right to request the restriction of processing of their personal data in certain circumstances, for example, if they contest the accuracy of the data or object to its processing. When restricted, data can only be stored, not actively processed.

4.6 Right to Data Portability

Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller without hindrance. This right applies to data processed by automated means based on consent or a contract.

4.7 Right to Object

Individuals have the right to object to the processing of their personal data in certain situations, including processing based on legitimate interests or for direct marketing. We will cease processing unless we can demonstrate compelling legitimate grounds that override the individual's interests, rights, and freedoms, or unless the processing is needed for the establishment, exercise, or defence of legal claims.

4.8 Rights in relation to Automated Decision Making and Profiling

Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or significantly affects them. LiteFi Limited ensures appropriate safeguards, including human intervention and the right to express one's point of view.

4.9 Special Protections for Vulnerable Data Subjects

The GAID 2025 introduces a regime for vulnerable data subjects (e.g., children, elderly, persons with disabilities). Where a data subject is a child or lacks legal capacity, LiteFi Limited will obtain consent from a parent or legal guardian and implement appropriate age and consent verification mechanisms, utilising available technology. All processing involving children will be consistent with Nigeria's Child Rights Act 2003.

5. Data Retention and Disposal

LiteFi Limited maintains a comprehensive data retention schedule, ensuring that personal data is kept only for as long as necessary to fulfil its original purpose or to meet legal and regulatory obligations. For instance, financial records are generally retained for six years. Employee records are retained for a period consistent with labour laws. When data is no longer required, it is securely disposed of using methods appropriate to its format (e.g., cross-shredding for physical documents, secure wiping or degaussing for digital media). The GAID 2025's guidance on deleting data within six months post-purpose, where no other time-bound obligation exists, is strictly observed.

6. Information We Collect

6.1 Personal Information

We collect personal information that you provide directly to us, including but not limited to: name, email address, phone number, postal address, date of birth, government-issued identification numbers, financial information (bank account details, transaction history), employment information, and any other information you choose to provide.

6.2 Automatically Collected Information

We automatically collect certain information when you use our services, including: device information (IP address, browser type, operating system), usage data (pages visited, time spent, features used), location data (with your consent), and cookies and similar tracking technologies.

6.3 Information from Third Parties

We may receive information about you from third parties, including: financial institutions and payment processors, credit bureaus and verification services, marketing partners, and publicly available sources.

7. How We Use Your Information

We use your information for the following purposes:

  • Providing and maintaining our lending and credit services
  • Processing loan applications and managing accounts
  • Verifying your identity and preventing fraud
  • Communicating with you about our services
  • Improving our services and developing new features
  • Complying with legal and regulatory requirements
  • Marketing our services (with your consent where required)

8. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Consent: Where you have given clear consent for specific processing activities
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legal obligation: Where we must process your data to comply with legal requirements
  • Legitimate interests: Where processing is necessary for our legitimate business interests

9. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals' rights and freedoms. This helps us identify and mitigate privacy risks before they occur.

10. Third-Party Services

We work with carefully selected third-party service providers to deliver our services. These providers are contractually bound to protect your information and use it only for the purposes we specify. We conduct due diligence on all third parties and ensure they maintain appropriate security standards.

11. Cross-Border Data Transfers

If we transfer your personal data outside Nigeria, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the Nigeria Data Protection Commission
  • Standard contractual clauses approved by regulatory authorities
  • Binding corporate rules for intra-group transfers
  • Certification schemes and codes of conduct

12. Data Security

LiteFi Limited implements comprehensive security measures to protect personal data, including:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Multi-factor authentication and role-based access controls
  • Regular security assessments and penetration testing
  • Secure development practices and code reviews
  • Employee background checks and security training
  • Incident response and business continuity plans
  • Physical security measures for data centers and offices

We continuously monitor and update our security measures to address emerging threats and maintain the confidentiality, integrity, and availability of personal data.

13. Data Breach Response

In the event of a data breach, LiteFi Limited follows a comprehensive incident response plan that includes immediate containment, assessment of the breach scope, notification to the Nigeria Data Protection Commission within 72 hours (where required), and communication with affected individuals without undue delay where there is high risk to their rights and freedoms.

14. Training and Awareness

All LiteFi Limited employees receive mandatory data protection training upon joining and regular refresher training thereafter. This includes understanding of data protection principles, proper handling procedures, incident reporting, and awareness of emerging threats and regulatory changes.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification (if you have provided your email address)
  • Providing notice through our mobile application or services

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

16. Contact Information

For questions about this Privacy Policy, to exercise your data protection rights, or to contact our Data Protection Officer, please use the following contact information:

📧 Email: dpo@litefi.ng

📍 Address: 9A, Hospital Road, Gbagada, Lagos, Nigeria

📞 Phone: +234 810 837 6447

🌐 Website: www.litefi.ng

Last Updated: January 1, 2025